[SOLVED, sort of] UFW disabled after reboot

lmintnewb2

Re: UFW disabled after reboot

Postby lmintnewb2 » Wed Nov 08, 2017 11:37 am

So hey, at least it worked out. Might take that puppy for a spin over to an online firewall testing website or so. See what it says about the state of the firewall. Did get around to hitting up ShieldsUP just to see. Thing passed mostly but not true stealth as system was reported as still responding to ping echo requests. All ports unsurprisingly closed though.

May or may not even bother to investigate it further. Always personally preferred having a system's firewall dropping any non-requested connections or requests with no response. Definitely wouldn't consider ShieldsUP as any real penetration or security assessment resource. Not concerned enough about it to go through an exhaustive audit.

Mintnix
Level 1
Posts: 44
Joined: Sat Oct 03, 2015 8:00 am

Re: UFW disabled after reboot

Postby Mintnix » Wed Nov 08, 2017 1:14 pm

greerd wrote: Just to be clear, active doesn't equal enabled, 'systemctl status ufw' only verifies the ufw process was started, not whether it's enabled on startup.

Another thing is iptables might be used instead by perhaps a VPN? Usually if the VPN has a 'kill switch' or 'network lock' or similar.


i do use a VPN and i have the kill switch enabled - it does use iptables

how should i handle this?

greerd
Level 5
Posts: 706
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: UFW disabled after reboot

Postby greerd » Wed Nov 08, 2017 1:42 pm

Mintnix wrote: i do use a VPN and i have the kill switch enabled - it does use iptables

how should i handle this?

Well, I would say you have a non-issue, and everything is working as expected. Remember that ufw is a front end for iptables and its main purpose is ease of use, so rules set in ufw end up as rules in iptables.

I think the general definition of a 'Kill Switch' in this context is for leak protection should the VPN servers ever lose connection. So when your VPN client starts it runs a script that will first disable ufw, then flush iptables, then load its own iptables rules. This is the only way to ensure no conflicting rules are set in iptables.

You can test this by opening up gufw, exiting the VPN gui and confirming that gufw will then return to its previous state, and vice versa, as long as it's shut down nicely and not killed.

Also you can take a look at your iptables rules by running sudo iptables -S (uppercase S). The -S option equals --list-rules. You can also do this to see what ufw rules look like in iptables.
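The check described in the post above, as an added example that is not part of the original thread: it separates "ufw is set to load at boot" from "the rules currently in iptables belong to ufw", which is the distinction that matters when a VPN kill switch has swapped in its own rules. The function names and both sample listings are constructed for illustration, and treating a jump to a chain named ufw-* as ufw's own rule is an assumption of this sketch.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# stdin: contents of /etc/ufw/ufw.conf -> "yes" if ufw is set to load at boot.
ufw_boot_enabled() {
    if grep -Eq '^[[:space:]]*ENABLED=yes[[:space:]]*$'; then echo yes; else echo no; fi
}

# stdin: output of `iptables -S` -> who owns the live INPUT/OUTPUT rules.
# Assumption: a jump to a chain named ufw-* means ufw loaded the rule.
classify_ruleset() {
    awk '
        $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
            if ($0 ~ /-j ufw-/) ufw++; else other++
        }
        END {
            if (ufw && other) print "mixed"
            else if (ufw)     print "ufw"
            else if (other)   print "foreign"   # e.g. a VPN kill switch
            else              print "empty"
        }'
}

# stdin: output of `iptables -S` -> default policy of the INPUT chain.
input_policy() { awk '$1 == "-P" && $2 == "INPUT" { print $3 }'; }

# $1 = `iptables -S` text, $2 = ufw.conf text -> one summary line.
report() {
    printf 'boot=%s owner=%s input_policy=%s\n' \
        "$(printf '%s\n' "$2" | ufw_boot_enabled)" \
        "$(printf '%s\n' "$1" | classify_ruleset)" \
        "$(printf '%s\n' "$1" | input_policy)"
}

# Constructed listings: ufw's own rules, then a kill switch's replacement set.
SAMPLE_UFW='-P INPUT DROP
-N ufw-before-input
-A INPUT -j ufw-before-input
-A OUTPUT -j ufw-before-output'
SAMPLE_VPN='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT'

report "$SAMPLE_UFW" 'ENABLED=yes'
report "$SAMPLE_VPN" 'ENABLED=yes'
# Live system: report "$(sudo iptables -S)" "$(cat /etc/ufw/ufw.conf)"
```

A result of boot=yes with owner=foreign and input_policy=DROP matches the situation in this thread: ufw is configured to start, but the rules filtering traffic right now were loaded by something else.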

Mintnix
Level 1
Posts: 44
Joined: Sat Oct 03, 2015 8:00 am

Re: UFW disabled after reboot

Postby Mintnix » Fri Nov 10, 2017 9:38 am

i never checked the status of UFW from the terminal and, as another has said, it was probably running all the while

at any rate, i have not had this problem on LM 17.x or 18.1 with the same config (VPN with network lock activated)

my solution was to remove gufw and replace it with ufw-kde

